Thank you all for coming and continuing to come and to sit there and be lazy. I don't know
what's going on. So welcome to breaking your expensive crap or the actual name we submitted
as doing bad things to good security appliances. This is going to be kind of a primer,
quasi, not really primer on hardware hacking as we see it in dealing with security
appliances of all types. Am I echoing really bad or is that just me? Figured. So dispense with
the pleasantries here. Fork, if you would like to take about five seconds and introduce
yourself. I've been breaking stuff since I was six years old. Speak up. I've been
breaking things since I was about six years old to include things like my dad's radio, the TV,
all sorts of other stuff, taking things apart. Women's hearts.
Generally, no. But taking software apart as well. I've been a reverse engineer
since I was probably about ten or 11 years old, taking apart 6502 code on a Vic 20. Having a
great time. Loving all of this stuff. Loved technology my whole life. And continue to learn.
So we've gotten now to a point where it's much more fun. And work for all sorts of people,
all sorts of places, everything from driving pizzas to different government stuff.
Okay. All right. We're done. That's it. All right. So.
Okay. All right. All right. All right. All right. All right. All right. All right. All right. All
right. You can hear his life story later, I promise. So I will be your quasi MC. I love
that word. Quasi. So I have been breaking things for quite a long time. Mostly to everyone's
chagrin. I'm not going to tell you my life story. But beer good, fire bad. That's about
all you have to know about me. Before we actually get started talking about the equipment and
what we're doing, we just want to point out some of the people whose research and efforts
in this area have really helped us out and saved us lots and lots of money. And I'm going
of time. I totally want to pimp the JTAGulator that Joe Grand is selling and making. It is
freaking awesome. Go buy one. And it's extendable with new firmware. So
get one. It's not going to just do JTAG. It's going to do all kinds of other stuff.
And we'll talk about the JTAGulator a little bit if you don't know what it is. So, yeah,
what we're going to be doing. We're going to walk you through the basics-ish of hardware
attack and analysis based on some of the practical examples we've done here in the
past couple of months. We're going to discuss the tools and mentality you should have to
be successful. Not required, but definitely good to have. We'll discuss some of the common
attack techniques when you're dealing with hardware. A lot of this talk is focused purely
around the hardware and the theoretical attacks based on hardware and not so much on the BSP or
the firmware or anything else that is associated with that actual hardware. And a
comment on this also. There is a larger set of material on the CD that covers this, but we
have 45 minutes. So we're going to be talking about the hardware and the theoretical attacks
in 45 minutes as opposed to the roughly three or four hours we would need to cover all the
material in the slide deck. So if you look at your DEF CON CDs, they have a large quantity of
material about each of the items, bullet points, what interfaces look like, what provisioning
interfaces look like, and a fairly detailed summary of how to get started doing hardware
hacking. Yeah, it's about 100 and something slides of hardware attacking and how you do it
and what you don't do and how people screw up and burn themselves with chemicals. So we're
going to be talking about that. So the last thing we're going to do is show you pretty pictures and
attempt to point at those pretty pictures. I don't know if we'll succeed. So the tools of the
trade. This is stuff we use, stuff we have laying around the labs, really handy to have any time
you're messing with hardware in any way. Most of this stuff can be acquired for less than $1,000.
Most of it can be acquired for under $500. It's just the more features you have, the more expensive
it gets. A few of the big items. We're going to talk a little bit about the hardware and the
systems. We'll cover these in detail as we need them when we're actually talking about the
hardware analysis. Your brain is important. It helps you control your body and it allows you to
consume alcohol, food, look at things, possibly. A voltmeter, surface mount soldering station,
hot air rework station. If you don't know what those are, Google it. Basically it's a soldering
station and a tube that blows out 500 degree air. It melts things. And that's Celsius. It's
really hot. It's really, really hot. So soldering stuffs, flux, magnifying glasses,
microscopes, bus pirate. By the way, if you're using a magnifying glass to look, a physical one,
to look at a chip, put some Rain-X on it. Otherwise it's going to fog up like every three
seconds and you're just going to be pissed. Pro tip. Yeah, pro tip. Don't be pissed. Bus
pirate, amazing little device. It is like the, you know, you're going to have to go to the
end all, be all for raw bus analysis up to a certain hertz range. Debugging interfaces, great to
have spare ones around. We'll talk about some of the mistakes here in a second that hardware
manufacturers tend to make. And I don't know if you know this, but just desoldering the header
doesn't protect your board from having a header put back on. So pro tip. Yes, IDA pro. We'll
cover the ‑‑ we'll quasi cover this.
More on the slides on the disk. Yeah, more on the slides on the disk. We'll talk about
what you may be able to throw into IDA pro that you would have gotten out of the chips that
we're attacking. And then other stuff you might need, chemicals, respirator, balls, also
dongs. You know who you are. So, security appliances. You know, what do we consider to be
security appliances? I know a lot of people when I ask them, you know, what are they
thinking about security appliances? They think of firewalls. They think of IDS. They think of
all these actual things that have been categorized as appliances and sold to you by vendors who
want to charge you lots and lots of money. What we consider to be security appliances is
basically anything that can be used to secure something. So some of the examples we'll be
looking at is securing people from themselves, like a safe. Or we'll be looking at something
like a security encryption system that we'll be demoing, well, talking about here at the end.
So it can be practically anything that has some kind of security setting and is hardware
related. The steps that we generally take, again, go consult a big, massive deck of slides if
you really want a breakdown of all these steps or find me in a bar and I'll be happy to talk to
you for a price. And there's an outline of a full methodology to do repeatable assessments on
that slide deck as well. And again, we just don't want to go into too much detail about that.
We don't have time to cover it because that takes 45 minutes by itself.
Yeah. Pretty much. So generally what you want to do is you want to define the goals.
You know, what are you actually going after? Why are you attacking this device? You don't ever
walk into something, especially when you're doing any kind of reverse engineering, and go,
I'm just going to do this because. Because it takes forever. Because you will sit there going,
oh, I'll look at this now. I'll look at this now. And at nine months of work, you will have
nothing but a pile of, oh, look at this now. So you want to define what you're going to do. You'll
define the device. And what we do, what we're talking about when we want to define the device is
we want to look at it based on our goals. If our goals are to rip something out of the NAND flash,
I don't have to sit there and mess with every other piece of that hardware to get that NAND
flash. You know, I want to go directly to the bus. I want to do the stuff related directly to
that chip. So when we're attacking something, we always have to keep the goal in mind as we
define the parameters of the device and what hardware and what equipment we'll need to
actually get that out. Gather all the open source information you
possibly can. I know some of you may be decent social engineers, and if you ever talk to a
sales guy, they just love to send you crap. The more you're like, I want to buy your piece of
shit, they're like, here, have some documentation. Would you like chip specs? I've got some
high res X-ray photos, too. Yeah. Seriously. Like, I got stuff from one guy. I was like,
confidential company source information. I'm like, sweet. Thanks. No NDA. Thanks. Saves me from
the scope. It's in the budget, right? We're working on that. Yeah, exactly. You know, examine
the device for entry. Yeah. So, you know, a lot of these companies that create these secure
appliances, especially ones that deal with key management, tend to have case sensors. They
tend to have something to ‑‑ a magnetic sensor of some sort or a light sensor or it just
happens to be to detect case opening so that when you actually open the case, it, you know, it's
theoretically dumps the keys. Say bye‑bye to your SRAM. Yes. Say bye‑bye to your SRAM.
Yes. However, like the mistakes we'll be talking about here in a little bit, usually the
implementation of those security mechanisms is terrible. It turns into a checklist. The
security guy is like, I need case protection and key protection and all this stuff. And then the
engineer is like, done. And we all know how well that goes. So, you know, it's a lot of
work. So, you know, look at the best way in. Look at the way that's going to be the least
intrusive in the particular device. And then analyze the device circuitry networks and device
components once you actually open the case. Determine the most plausible attack vector for the
actual hardware. And then attack like your life depended on it. Or go slowly, however you
prefer. Toro, toro, toro. That would be tiger, tiger, tiger. Well, whichever. So common mistake,
by the actual reverse engineers themselves. And I don't know how many times I have fallen victim to
my own stupidity. And my friends as well. Due to not taking copious amounts of notes. And not
taking pictures. Because when you're sitting in a pile of chips with a desoldered board in front
of you going, I think it goes here, is not really the best time. And orientation is always
important because if you hook them upside down they tend to let the magic smoke out. Yeah. Powering
up a board with a badly soldered chip just is a mess. You know, burning yourself with
chemicals or fire, bad. Bad. Beer good, fire bad. See, I've taught you all something
already. You know, not properly prepping for ESD, you know, optical and magnetic isolation,
if you need to work in an argon pressure environment if you're dealing with nitride chips.
Very, very important to have your test environment set up so that you're not actually going to
ruin the thing that someone paid you or that you acquired to test yourself. Always, always,
always take the time to make sure your environment is set up correctly and save yourself hours
and hours of headache. And then my absolute favorite, get a backup device or a device of
like make or something that's comparable to the chip set you're using because, you know,
once you let the magic smoke out of the thing you should be testing, you have pretty much
failed. So you can't put it back in. It just doesn't work. And the list can continue ad
nauseam based on the stupidity of the reverse engineer themselves. You know who you are.
So, common mistakes by the people who sell you the really expensive appliances. Putting your
case sensor wires right next to the vents. So, you know, I'm not going to talk about this.
A paper clip and a pair of vampire clips and I've just taken out your massively complex wire.
And that handy dandy heavy gauge steel case, too.
Yeah, yeah. I love that.
And the heavy steel case, too.
Yes. Very impressive steel cases. And then you put vents in it. You know, hiding your chips
under epoxy. Epoxy is not a security mechanism. For God's sakes.
It really isn't. Like, you get this $30,000 piece of equipment with your security
processor that holds your keys in it and you're like, I'm just going to put epoxy on it. It's
cool. Nobody can get to it. It's a bitch to get off. It's fine. You know, not using a built-in
encryption protection mechanism on embedded processors, big fail. Not setting the read write
protect bits on the processor flash. You know, that's a big fail. You know, that's a big fail.
There are fuses for a reason. And, you know, they're a real pain in the ass to get around.
So if you set them, it will only take me slightly more time in aggravation, but it's more time in
aggravation. And if I get aggravated enough, I go find beer and I stop working on your device.
You know, not limiting access to debugging and provisioning ports. We were talking about the
protection mechanisms for a desoldered JTAG port is not an actual protection mechanism. So if you're
actually going to do that, you know, think it out. You know, lock it down, use secure JTAG, use
some kind of key mechanism, use authentication where possible depending on your chip set to
actually protect said device. And then my favorite, and Mark's favorite as well, running your
I2C and SPI buses up to the user LCD, then back into your really hard case with all of your
security mechanisms. You know, that's a big fail. You know, that's a real pain in the ass to get
rid of the security mechanisms where it directly attaches to the boot flash bus. Because then you
just take the panel off and you're on the bus. And then you can rewrite your boot flash
and maybe get some PXE action or a bunch of other stuff. Yes. For those of you who would
like to save me time, do that. And then, you know, there's so many more attack vectors and
mistakes we can go into based on the way the devices are actually engineered. But for the sake
of clarity and possible beer later, I won't go into this. So, possible attack methods. There is
voltage glitching, timing manipulation. You can Google these or go find that giant slide deck.
Fuse resetting. If you can basically polish a chip in a clean room using a UV method. Not for
noobs. Just to warn you. Any time you talk about chip shaving and nitronized chip sets and
everything else, not a first time experience. Not good. So, I'm not going to go into that. I'm
not going to go into that. You know, the JTAG VDM provisioning interface debug, those are
easily, easily screwed up because most times they're made for debugging. So if you can get on
to those and mess with it and twiddle some bits and, you know, do other very dirty sounding
things to equipment, you have a good chance of actually causing it to spill its beans. And
then debug path manipulation using the I2 square ‑‑ I squared C. Switching flash pin,
do text to text, which he'll get into when we actually talk about the boards. So, the
examples for the actual talk here. The thermostat in your secure hotel room. And you're like,
why? Why does that thermostat matter? Well, most times these are actually tied into the
central HVAC system. They're monitored. They're controlled by industrial control systems,
which in most times, due to human laziness, sits on the same network as someone's admin
network or something else because, you know, it's never true. It's never true. But, you know,
hotel room safes. I love safes. I love electronic safes. They're the best. You know, encrypted
storage device, which we're going to talk about here, and then Java cards, which we'll touch
on because they relate directly to the encrypted storage device. So, the thermostat. We
attained a demonstration unit from some random hotel. It is an interesting
device from this random hotel that has some really good prism-loving features. It has an
occupancy sensor on it, an infrared programming capability, a bus interconnect, and the
centralized monitoring configuration station we were talking about, and then the usual HVAC
controls and relays and pushy buttons and display and what have you. So, I'm going to turn it into,
you know, Vanna White over here, and she'll talk about the attack methods.
All right, I'm going to try to speak up so everybody can hear me, is that good?
Yeah.
Okay. Good. So, we're going to cover this thermostat. Hang on, there
we go. Very, very quickly. So, I'm going to look. If you look at the slides here, you can see
that we've got a communications module that uses something that's somewhat like X10 protocol.
Automatic light switches to the house that you mess with using the RF interface to the little box
that sits in the back end of your car. That's where we do things like Intershuoka, I don't know
wall and the power system and it modulates signals on your power lines. Yeah, I'm trying
not to. So we also have ‑‑ let's go from top down then. So we have the HVAC controls
and we also have network communications there, if you see that. There's a five pin interface
and I'm going to try to shoot this with a laser but I'm not sure if I can hit it from
here. Yeah, that's a big fail. Actually, I think the ‑‑ oh, there we go. Okay.
So up in here is where we're looking at right now. And we see that there's also an infrared
module which is used for, I would assume, programming this device as well. Didn't have
time to do a full reverse engineer on it. And then you see the CPU here which is a nice
little 8 bit microcontroller. I believe it's a ‑‑ I think it's actually the same as
the safe which is an ADC51.
An interesting note about this microcontroller is that it has a serial interface, an in‑system
programming interface which is always on, can't be turned off from the look of things.
And it's not hooked up to anything. So these chips are pre‑programmed before they're
on the board but you can definitely, definitely do surface mount soldering and dump that
firmware right out. Right out.
Right out. We also have an SPI ‑‑ I'm sorry, actually, that's mislabeled. That's
an I‑squared C configuration flash. And there's an LCD controller and then down at the bottom
you see a bus connector. And that bus connector actually goes into a bus driver that goes
into the microcontroller and then probably with the right software out into the communications
module. This is the infrared emitter which in this particular thermostat was broken and
causing the room to heat up pretty nastily and was repaired accordingly.
Yeah.
Yeah.
So the thermostat was repaired accordingly and was suddenly much more effective
and the room cooled right off. Recently borrowed thermostat.
Right. So this is the front of the thermostat board. And you'll see the little chip ‑‑ the
tiny little eight‑pin DIP there ‑‑ sorry, the eight‑pin DIP there ‑‑ right there‑ish
is the bus driver that we hook up to on those little three‑pin interfaces on the bottom.
So originally I thought, oh, my goodness, they actually put the serial interface to
a port on the outside of the case for me so I can get straight to the in‑system programmer
and dump all the flash. It would have been kind of them, but they didn't.
So this is the board as it's been decloaked, as it were, detached and actually pulled out
of the case so you can get a good clean view of it. So there's a ‑‑ you know, you
can see the crystal, the CPU, the I‑squared C flash, the LCD controller, discrete components.
And then you can see the system.
A few other provisioning headers and the connectors for the infrared ‑‑ oh, sorry,
the connectors for the provisioning infrared and all of that stuff. There's a close‑up
of the bus driver. All right. And so practically what we can do with this ‑‑ can I have
my water, please? Yeah, I can have it. All right.
So what we can do with this practically, once you have the firmware, you have the keys to
communicating with that X10‑like protocol. It's an 8‑bit micro. It's not hard to take
apart. There's a number of registers in there, of course, and other instructions that do
stuff. If you reverse engineer the subroutines and reverse engineer the communications protocol,
you can get a very, very clear idea of how fast to send information to that module and
exactly what to send to that module. Now, as an aside, the manual for the control software
for this particular thermostat is freely available from the manufacturer on the Internet. And
it covers a lot of stuff, including a lovely diagram of exactly how it's all hooked up.
So these thermostats, for example, might go to a floor controller, in which point they're
networked into the rest of all the floor controllers and then back into the back‑end office where
the main control system can determine whether it goes into VIP mode or not, for example,
or whether it gets to be 95 degrees in someone's room or not, for example. And, yeah, some
other things, too, but we can't talk about those.
That would be regrettable. Very regrettable. And I'm going to turn it back over to Rob to talk about some Roman hotel safe.
So we may have found this box somewhere. And I'm a big fan of Roman history, obviously.
That's why that's on there. You know, some highlights of this particular device. It's a decent metal
box that's been bolted down. It has a 4‑8‑digit variable pin. It's manually operated for
power conservation, usually by the hotel staff if they want something in it. Not saying
anyone is bad or anything, but, you know, don't trust the safe.
So about the hotel safe looking sexy from a random Roman hotel. Do you want to talk
about the board here? Yeah, I'll just stand up. That's fine. We'll switch back and forth.
Okay. So this is a sexy, sexy looking safe. Got a control board, got a servo arm, got
the actual bolt attached to it, and some lovely batteries. Copper tops. They last a little
longer. So total of six volts of power being supplied to this board. The main board is
broken up into several discrete areas and several connectors. So we have ‑‑ if you look up at the top of this board, you see the
battery connector, which is also a ‑‑ going back to the other side here, also a connector for one of the switches. We see the
front panel connector, which goes to the little pushy buttons and the latch register ‑‑ I'm sorry, the LCD display
circuitry. And we also see a motor driver, which is just the typical servo motor for, you know, four‑phase servo driver.
Some switches that detect whether the safe bolt is open or closed and whether the door is open or closed. And the second front panel
connector. And we also have a 64K EEPROM and a two‑kilobyte flash ROM. And, of course, the other red box that's not labeled ‑‑ I'm
sorry, the two red boxes aren't labeled are a Dallas real‑time clock module with battery included and a CPU module, which I believe
is, again, a 65 ‑‑ I'm sorry, an ADC51, but of a Siemens variety as opposed to Phillips. So I'm going to zip through the rest of this stuff.
So there's some interesting things on this safe. So if you've looked under the handle of these safes, you'll notice there's an RJ45 interface and a small
barrel connector, 1‑16 inch barrel connector. And the reason the barrel connector is there is because batteries die and people still need to get
their stuff. So you can power this from an external source if you need to.
Additionally, the RJ45 is connected directly to pin 4 on the controller, which is an attention pin. It says, wake up, I need to send you
something. And directly to the serial receive and transmit pins on the microcontroller. So if you send it a particular sequence of
bytes, it opens right up. This is not a good thing. Because you can just repeat it over and over and over and over and over to other people's safes.
Yes.
You can. Now, there are a couple of distinctions.
In a Roman hotel.
So I'm going to zip back and look at this real quick as well. So if you see down here in the ‑‑ let me see if I can hit that.
So right in here, what that actually says is there's a code printed on it. And I'm not going to zoom in for you because you have to do your
own research. But that code is a uniform code per hotel from what our research indicates. So if you have this code and a couple of other
elements ‑‑
Which I unfortunately again can't tell you about because we haven't disclosed it to the manufacturer.
Then yes, you can open the safe right up.
So if you look at the Siemens microcontroller, you see that the numbering is actually C501 on it. But if you pull up that particular data sheet,
it says 8051 on it. So this is a variety. 8051 is a very old processor for anybody who doesn't know this. And it's a very prevalent processor in embedded devices. Fairly powered.
So if you need something that lasts forever and can trigger a few servos or detect a few sensor motions, that's a great processor for it.
So the secure SAN encryption board ‑‑ in fact, do you want to pop the case and get those out so you can pull them up?
Yes.
Okay. So we have a couple of these secure SAN encryption boards. And these devices were obtained from eBay.
We had a ‑‑ excuse me ‑‑ we had a reason to look into them. And we found that eBay is a great source for almost anything.
You can usually get surplus chips, for example, that were actually from the manufacturer in China. They made an extra run of whatever.
Some of them even have the same EPROM version identifier numbers as the product you're attacking. So we've taken epoxy off.
And then when we're looking for that particular chip model on eBay to go and, you know, sock it onto a carrier board and test it for different things,
we find a picture of the sticker that was under the epoxy on the flash device on eBay.
By the way, the greatest thing about eBay is when companies refresh all their equipment,
some random guy in, like, Texas gets a $30,000 encryption device,
and then sells you these cards for $30.
That is correct.
Because he has no clue.
And they'll also sell broken devices on eBay.
Now, these broken devices might go for $100 for the weight of the component gold or whatever like that.
Well, that's all well and good, but when it's a solder joint on the power supply that's broken off and you re‑solder it,
you've now got a $30,000 appliance that works just fine.
And it allows you to research some really high‑end components and really high‑end stuff without spending much.
Makes a, you know, personal research budget very happy.
The Linux chips on the cheap.
Yes.
And if you know where I can get a scanning electron microscope, come and see me afterwards, actually.
So some of the features, the device itself is actually very well put together.
It's a heavy gauge steel.
And its purpose is to manage the power supply.
And there's keys for like the Brocade encrypting fiber channel switches.
So the way it works is it manages the keys.
It sends it to the switch and says I have this particular piece of media that I need to access.
And it says, okay, well, here's the key that I want you to apply to that.
So all your data is encrypted at rest.
It's a great idea.
You know, it's a really great idea.
It actually, you know, the device does key management well.
But they made a few critical mistakes with where they store keys and how they store keys and how keys are stored.
They're passed back and forth.
And again, because we haven't disclosed it to the manufacturer, we can't tell you.
I'm really sorry.
Check back in like a month, hopefully.
This is probably more like a couple of years on this one.
Check back in a couple year-month things.
But anyway, so it also has a lovely Windows Java front end.
And I'm going to go on a bit of a rant here on this on the Java card stuff.
I don't have time to rant.
It uses Java cards to store the master keying material.
I don't have time to rant, apparently.
Okay.
Well, let me just say this then in calm tones.
Don't include your Java card sources in the jar archives for your admin interface.
This is a very bad idea.
Part of the security through obscurity model with Java cards is they are EAL4 certified in most cases.
That means you're not getting the code out.
But if you compile it to standard Java,
you can use a tool called JAD, which probably most of you are familiar with,
to decompile this code to clean source.
So.
Big props to them for that.
Saved a lot of time.
Thank you.
Yeah.
Thank you very much.
So this is our hardware formerly known as expensive.
And its new symbol is the dollar sign, I gather.
So you can see on the bottom the device with the epoxy on it.
And we actually have these devices up here.
Yeah.
After the talk, you can come look at them if you'd like.
You can come and take a look.
If they leave the table, I'll beat you.
That sounds like an evil promise from Evil Rob.
And these devices, as you can see, we're going to zoom in on the epoxy version here a little bit.
And then we're going to look at this guy.
And we have high res photos of these as well that I'll possibly bring up here in a moment.
But the chip that you're seeing that has the cover peeled off,
right here, lovely polished silicon.
It's a flip chip, if you guys remember that particular manufacturing technique.
And there's a heat sink and the actual chip cover.
That is a Xilinx Pro 2 Plus FPGA.
And that particular chip loads its information from flash memory.
So I'm going to show you a chip picture of the board before we've removed a couple of the critical chips.
I'm trying to hit it again.
There it goes.
So that is the actual flash chip that the Xilinx chip gets its information from.
So it loads that every time it boots up.
Xilinx supports an absolutely fantastic encryption protocol.
And it stores the key internal to the FPGA.
The only way to get it out is through technically power consumption monitoring on the voltage pins on the FPGA.
So you can hopefully get the key.
And it takes, I think, roughly 10,000 iterations to make statistics.
So you can get a likely candidate.
In case you're taking notes.
Right.
The other chip is an Atmel AT90S6464C.
And anybody who has done TiVo hacking knows this chip as a 3232C.
We don't advocate hacking your TiVo.
Of course not.
These two chips, so there was a fatal flaw in this.
They did not use the Xilinx encryption protocol.
So we were able to dump out the entire Xilinx configuration bit stream.
Now I didn't really feel like reverse engineering the Xilinx bit stream entirely.
So a very, very nice person named Casey Morford who did his master's thesis on this was kind enough to run it through his tool set.
Now he wouldn't give us the tools, unfortunately.
His tool set is BA, seriously.
It's very, very impressive.
It does complete decomposition of the Xilinx bit stream.
So it's very nice.
It takes it right down to a text stream and tells you what each byte does.
So anyway, we're going to cover also one more thing on this one or a few more things actually.
But booby traps.
So hardware manufacturers who use epoxy like to do silly things like booby traps.
And what you see here right beside that tiny Xilinx chip there is a booby trap switch.
Now if that booby trap switch is not depressed, no current goes to the SRAM and the keys dump.
So if you're taking the epoxy off and you've been very careful or you're chemically fulminating your nitric acid or doing whatever you're doing, take it off.
And that switch pops up.
It's game over.
The solution to not having the chip pop up is to not cut the epoxy around the chip.
So that really expensive mechanism can be stopped by being lazy.
Just the way we like it.
So in addition, one other thing I want to highlight on this slide is you see the row of six empty holes there.
That is most likely the initial provisioning interface for the Atmel chip.
However, because they're clever designers, they use some leveling capacitors and some other tricks to ensure that you can't really get good voltmeter test runs.
Everything kind of goes to a middle voltage.
And you don't get the beep when you have your voltmeter set to beep when you touch the traces.
So it's good on them.
It was a good try.
And so that's a closer picture of the Xilinx Pro FPGA.
And I want to thank Anders if you're in the audience.
Stick here.
Anders, thank you so much for the use of your wonderful camera and your skill with this.
These recent pictures that you're seeing up here are all courtesy of Anders and he did a great job.
Thank you.
So again, we're going to look at the provisioning interface there.
That's just a quickie.
And that one's only got a bit of the epoxy cutaway.
And we have a movie of epoxy removal if anybody wants to see it later but not right now.
It took about ten hours and an X-Acto knife.
Actually, I think it was between 12 and 14 hours with a hot air workstation set to 500 degrees centigrade.
And several X-Acto knives with thermally resistant handles.
Fire bad.
Fire bad.
Burnt off fingerprints worse.
Beer good.
Beer very good.
The other thing we're going to highlight here is the Mictor provisioning interface.
So there's three of these total on the bottom of the board.
So if you guys can see this, Mictor is the interface provided by Agilent for their super-high-end, super-expensive, super-awesome equipment.
It's impedance neutral.
It does all sorts of other stuff.
You can run test points to it.
You can run JTAG through it and everything else.
It's spiffy.
It's also extremely expensive.
And there's three of these guys on the bottom of this board when you take the epoxy off.
If you look at this region here, I'm trying to correct for relative spacing.
Oh, there they are.
Okay.
Up here.
And then one up in this area.
So there's three of these interfaces.
Three very expensive Agilent interfaces, all of which could be a candidate JTAG interface.
And that candidate JTAG would talk to all of the memory devices on this, with the exception of the NAND flash and the FPGA.
So I'm going to actually back up a few slides here to show you one other chip.
So there's another interesting comment on this.
So there's an I2C flashable mux involved in this.
And what I mean by that is you can take a set of pins.
A mux is a device that lets you set, you know, pins to other pins, basically.
So you can map inputs to outputs if you think of it that way.
And there's a device just north of the Atmel chip that is an I2C multiplexer, flash multiplexer.
And what that device does, in essence, is it prevents you from talking to that chip unless you've initialized it properly.
So it's a very interesting way to protect another type, you know, protect your keying material.
So something to think about.
And I'm going to turn it back over to Rob.
And then hopefully we have enough time for some questions, too.
Thank you, sir.
So what have we learned from analyzing all the random crap we get a hold of?
Fire bad.
Beer good.
And that's it.
Thanks for coming.
So the architecture of the whole system is rarely considered in complex environments.
I mean, this is...
This is pretty much across the board.
You know, computer architecture, software architecture, it doesn't really matter.
However, with hardware, you have to be especially careful.
Because like we were talking with the security appliance and how they...
The Brocade decrypter, how it actually functions and how it stores those keys, can entirely negate your very expensive box.
You know, always attack the implementation, not the encryption.
You'll spend all freaking day.
Or, you know, year or year month day thing.
If you're not...
Until the sun actually burns out.
Right.
Exactly.
It will take a long-ass time.
So, you know, attack the implementation.
Usually it's designed by a human being who makes it relatively flawed.
Look for humans being lazy.
That is also one of my favorite comments.
Because, like we said, epoxy is not a security mechanism.
So, you know...
Normally, even in large engineering efforts, people cut corners.
There's deadlines.
There's things that people overlook.
There's one point I do want to interject for safety reasons.
Don't try it at home.
You have to do certain steps to be safe around burning epoxy.
All right.
So heating it up is one thing.
Some of the off gases from these things, I mean, you have a whole variety of things.
I mean, the process of what's called homopolymerization, which is what epoxy uses.
Tangent.
Tangent.
Tangent.
But anyway, the point is it off gases bad stuff and can kill you if you're not careful.
Yeah.
Don't do this at home.
We're kind of professionals.
Or wear a respirator.
You know, so chips don't lie.
A chip will have markings on it.
It will have the manufacturer on it.
It will be pinned in a certain way.
It will be soldered a certain way.
It only goes in one direction.
And if it doesn't, it burns out.
So, you know, look for the placement of the chip.
Look what it's paired to.
Look what bus it sits on.
It will be easy to determine the actual device you're working with from there.
And there are chip databases out there that have all kinds of markings and how they're hooked up.
And whether it's SPI or I2C, it's just huge amounts of information.
And then I need more beer.
So with that, we may have, what, five minutes for any questions?
Yes?
No?
Yes?
All right.
Fantastic.
So thank you for coming to see this.
And if you have any questions, we'll be here.
Thank you.
Thank you.
Thank you.
